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(57) Abstract: The present invention provides a system for creating an application software environment without changing an 
operating system of a client computer, the system comprising an operating system abstraction and protection layer, wherein said 
abstraction and protection layer is interposed between a ninning soAware application and said operating system, whereby a viitual 
environment in which an application may run is provided and application level interactions are substantially removed. Preferably, 
any changes directly to the operating system are selectively made within the context of the running application and the abstraction 
and protection layer dynamically changes the virtual environment according to administrative settings. Additionally, in certain em- 
bodiments, the system continually monitors the use of shared system resources and acts as a SCTvice to apply and remove changes 
to system components. The present thus invention defines an "Operating System Guard." These components cover the protection 
semantics required by DLLs and other shared library code as well as system device drivers, fonts, registries and other configuration 
items, files, and environment variables. 
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OPERATING SYSTEM ABSTRACTION AND PROTECTION LAYER 

This applicaticHi is a coiitiimatioa-i]i-*patt of U.S. Patent ApplicatioaNo. 

09/456,181 , the entirety of which is incorporated herem by reference as if ftilly 

setfbitlL 

The present inventiGii relates to coinpnter soflware, and more particolarly to 
operatnig system software. 

BACKGROIMD OF THE INVENTION 

Ja many esuoronments, but pazttealarly in environments where an application is 
delivaiedYia anetwod; the most important feature is an ability to ion applications on the fly, 
wiOiout a coniplex installatioiL TypicaUy, in cectam prior art systems, great pains were taken 
to modify a cfient system to appear as if a program was installed, or to actually install the 
software itseli^ and then back out Ifaese modifications to restore the oii^^ In 
doing this, multq>le problems preset themselves: conflicts between an application and llie 
con:puter's current configoration, muh^le instances of the same or dififerent appEcations;, 
coniplexity of the bade out process requires an application to be put through a rigorous process 
to ensure all of its modifications can be accounted ft)r, and the use of shared files and system 
components by muk^le applications coxopficates back out and the installation process. . 
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SOMlMOyELY OF THE IIWI^ 



The present inveeation provides a system for creating an application software 
environment withont changiag an operating system of a client con^uter, tlie system 
con]prising an operating system abstraction and protection layer, wherein said abstraction 
and protection layer is iateiposedT}etweett a ranning software application ^d said 
operating system, \>diereby a virtual environment in whicb an application may rmi is 
provided and application level interactions are sabstantially removed Pre&ably, any 
changes directly to the operating system are selectively made within the context of the 
rraming application and the abstraction and protection layer dynamically changes the 
virtual environment according to administrative settinigs. Additionally, in certain 
embodiments, the system continually monitors the use of shared system resources and 
acts as a service to apply and remove changes to system conq>onents. 

Thus, for exaBq>le, in. embodiments within Windows-based operating systems, 
and wherein all operations to the Windows Registry are through the W2n32 API, the 
system preferably provides a means for booking functions, i?sdiereby eacb time said 
fimctions are invoked another ftmction or application intercq}ts the call, and the system 
most preferably hooks eacb appropriate API function to service a request Aether made 
by an application run from a server or if made by an application against a configuration 
key bring actively managed 

In other preferred embodiments of the presmt invention, additional jBinctijonaHty 
is provided, such as those embodiments vdierein the operating system abstraction and 
protection layer manages the integration of mult^le instances of aa application by 
recogoizoig how many instances of an application are running, and in such embodiments 
most preferably it also avoids making changes on startup and shutdown unless there is 
only one application instance running. In this embodiment it is also possible to siq»port 
multi-usfer operating systems in which multiple instances of an application can be running 
on behalf of dijSferent users. 
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Thus, the operating system abstraction and protection layer presents an 
environment to an application that appears to be an installation environment without 
petfinmnng an instalktuni, vvbereby a ^^seudo instanation" is created in wiudi aQ of the 
settings aiebrou^ into a virtual envibronment at fhe time Iheq^^ Or m the 

case of an installed application, acts to dynamically modify tiie behaviot of the 
application at mn-time. Pcefbtced eAibodiments provide a means fiir preventing 
information on the dient conqsuter &om jntetfering or modifying the behavior of an 
application, and most preferably provide a means for dynamically changmg the virtual 
environment according to administrative settings. As menticmed above, in certain 
embodiments it v/31 be possible to have more than one instance of a single software 
app licatum running on the same client conoputer, even if it was not origmally authored to 
do.so. In such, embodiments, shared, controlled contexts are provided in \>^tech at least 
two ofsaid instances ofasingpleappficationdiare one or more virtual setti^ . 

BBIEF DESCRimON OF THE DRAWINGS 

HG. 1 is a block diagram sdiematic shovtong tiie relative relationdiqi of fte present 
invention, an operating systemand a software application; 

FIG. 2 is a block diagram schematic lowing 

HG. 3 is a block diagram schematic lowing 

HG. 4 is a block diagram schiematic lowing 

BETAiliED DESCXtlFIION OF THE FBEFEaEtRED EMBODBMDENTS 

Re&ning now to FIG. 1» there is ilhistrated a block diagram schematic shovmg the 
Illative rektionshq) of the. present invention, an operating syst^ and a soflwaie application. 
Preferred embodiments of the present Invendan provide an operating system abstraction and 
protection layer 100 doiominated an "Operating Sy^em Guard'' lintetnally, many operatn^ 
systems 10 provide fiult domains to protect applications 50 from aflfectmg each other vs^en 
run. However, shgred system resources and many other operating system features allow this 
protection domain to be cornpromised. An operating system abstraction and protection layer 
100 will provide an additional, programmatically controlled harder between applications 50 to 
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xemove most q>p]ication level interactions. Di^osed between the sqppHcation 50 and opetating 
system 10 fhe operadng system abstraction and piotecdum layer 100 selectively aDows 
dianges dnrectly to liie operating system 10, versus containing th.e cbange ynUm tbe context of 
fhe ramung application. For one exsajph, in Windows-based systems, all operations to the 
Windows Begistiy are typically done thxoo^ tlie Win32 APL As e3q>Iaiaed below, ^stem 
fimctions like QoeEjAegEx and GetPtofileStdng can be hooked so that eadi time tiiey are 
invoked, another £mction or ^plication intercepts Ibe calL The Operating System Guard 100 
of the present invention will hook eadi approptiate API fimction to service the request, if 
made by aa application bdng actively managed or if made by aa application against a 
configuration item being actively managed la this way, unless e^^lidtly configured to do so, 
the present inventkm can oeate the application envinmment witiiout making any actual 
diang^ to the end^iser's ^stem Abo, any modifications made at inn-time by the 
flipplication can be posisted or xemoved ea^. 

As used herein the term "Operating System Guard" defines a layer between a 
running application and the operating system of a targ^ computer or cli^ cmspnter that 
provides a virtual environmeaat in which an application may nuL Thisvirtual 
environment has several purposes. First, it prevents a running application fi:om making 
changes to the client conq)uter. If an application attempts to change imdedying op^ting 
system settings of a client conq)uter, such settings are protected and only ^Itnade" in the 
virtual enviromnent For example, if an application attenqpts to change the version of a 
shared object like MSVCRTJDLL, thiis change is localized to the implication and the code 
reddent on tixe client conq)uter is left trntoudied. 

Second, the invention presents an environment to a running application that 
appears to be an installation environment without peifbiming an installation, and is tims a 
*^settdo installation" or '^nstalktion-like." All of the settings are brought into a virtual 
environment at the time die application being served runs, or just-in-time wien the 
application needs the particular setting. For exaiq>le, if a con^uter program sucb as 
Adobe Photoshop® expects to see a set of Windows Registry entries under 
HKEYJLOCALj!4ACHINEVSoftware\Adobe and they are not there on tbe client 
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con^uter siace Photo^op was never installed, a system made in accoidanoe with this 
aspect of the present invention will '^ow" those registry entries to the Photoshop 
progcannning code exactly as if th^ wece resident on the client congiiiter. 

Nbxt, the invention prevents infottnation that may ^dst on die di^itAis^ . 
machine from interfering with or modifying the bdiavior of an appScalion. For exanQ)le, 
if the ns^ has already existing registry entries nnden 

HKEYJ^OCAL_MAC3DNE\Softv^ 
6}T an older version of Photoshop, but now wishes to (^erate a newer version, lliese 
entries can be hidden firomthe new application to prevent conflicts: 

PinaUy, the present invention unlocks application bdiavior that may not exist as' 
die application is cmxentty written, it does this throng die ability to dynamically change 
die virtoalenviixminent according to adnxmistratiy^ For example, in a typical 

instance of an enterprise software ^plication, a client application may e^qpect to read a 
setdng for the address of the database to which die user should connect fiom a setting in 
the registry. Because diis registry key is oftm stored ni HKEYJLOCAL_MACaaiN^ the 
setting is global £>r the entire client con^uter. A user can onty connect to one database 
without reinstalling the client, or knowmg how to modify this registry key, and doing so 
each time they wish to run the applicatum. Howevei; by in^plementing the present 
-invention, two instances of the application may. now run on the same client conq)uter, 
each connecting to a dilGEerent database. 



CONTEXTS 

In providmg this fimctionafity, each application is able to nin in a private context 
within the system. To the application, it bas its own private view ofT\jiat the system 
looks like and its behavior. The present invention provides this by its inherent nature. 
Referring to FIG. 2, two separate applications 52,54, or two instances of the same 
application (50 illustrated in FIG. 1), can be provided private contexts in vMch they will 
appear to have separate or differing copies of system services, conjuration and data. In 
the preferred ernbodiment, this is the de&ult behavior of the system 
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By exteading Ibis concept, the Qperatmg System Guard 100 of the present 
invention can also provide shared, controUed cante^itsin whiclitwo or more applications 
52,54 can i&are some or an offheir virtual settings. This is importaiat for application 
suites such as Microsofi Office, or for appficatums that p et&rm difiEerently in ihe 
presence of oth^ appEcations. For exanqile, many appficatioiis use Microsofi Word as 
an en^ejfor doing IM^ Merge or document creation fimctiona^^ The application 
must know about the installation or presence of Word and be able to tap into its 
JEunctions. In the prefeued embodiment, two instances of the same application will share 
a smgle context by de&ult, ^^^e two separate applications will maintain private 
contexts. Refemng to FIG. 3, the two applications 52,S4 can run while die Operating 
iy^em Guard 100 provides a diared view of the available system resources. 

msiGN 

As illustrated in FIG. 4, the Operating iSystem Guard is con^rised of the 
bllowing subsystems: core 102, configuration manager 104, file manager 106, shared 
ibject manager 108, device manager 110, fiint manager 112, process manager 120, 
ocbcess enviroimient manager 114, loader 116, and recovery manager 118. \W£h the 
reception of the core 102, the process manager 120, and the load^ 116, all other 
ubsystCTis are elements of the Virtualization System described in fiirther detail below, 
rhe core 102 is primarily respon^le £br managing applications and thdb: context as 
lefined by die configuration files. 

The process manager 120 provided by the Operating System Guard allows the 
-ore 102 to be informed of any process or thread event that may be of interest. It also 
provides an abstraction layer to the operatmg system-dependent iixQ)lementations for 
oanagiag a process space and handling thread processing. Processes may be groined 
og^erinto application bundles. An application bundle is a group of processes vMch all 
hare their virtual resources with each other. For examplQ, Microsoft Woi d and Mcrosoft 
ixcel may want to share the virtual registry and virtual file system to be able to work 
ogetber "as an application suite. The process manager 120 calls these appUcation bundles 
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^applications*'. The information about an application exists until tiie process manager 120 
is told to rdtease the appfication. If another process needs to be loaded into the appfication 
bundle^ it may do so as long as tbe appKcation has not been released. 

The loader sabsystem 116 of thepreseot'invendon is used to allow virtoal 
enykonments to be transfixed hxto and oat of the Eac&of&e 
Virtualization Subsystems is capable of senalizmg its configuration for tbe loader 1 16, 
and retrieving it througjk the reverse process. la addition, the loader 116 is capable of 
staged loadingAmloading and combining the results of individual ^ges into <me sngle 
environment deselection. 

BEGISTRY AND CONUGCRATION 

Applications require varying amounts of configuration ioformation to operate 
propedy. Anywhere from zero to tiiousands of configuration records exist for wjuch an 
^plication can read its configuration On Windows, th^ are two commonplaces for 
configaration infi>ni2ation, the Windows Registry and system level mitializati0n files 
\^dnJniandsystem.ini la addition, t]Ie\WI^a)OWS\SYST£M directory is a common . 
place for applications to write ^plication ^edfic configuration or initialization files. 
Applications will also use configuration or data files in their local application directories 
to store add&ional configuration infijrmation. Often tiiis information is difiScnlt to deal 
with, as it is in a proprietary fiinnat On platfinms othartiianWindow^ there is no 
equivalent of the Registry, but common directones exist for configuration infbrauition. X 
Windows has an app-de&ults directory. Afodntoshhas the System Folder, and other 
operating systems willbave corresponding elements. Bis important to note that on most 
UNIX systems, each individual application 52,54 will most ofien store its own 
configuration 152,154 locaDy, as seen in FIG. 2. 

The present invention, in one enibodbnent, includes a virtual Windows Regjistry 
component, \^ch will provide a fiiU fimction registry io an appUcation, but prevent 
modification to the underlying system registry. All keys that an application expects to 
access toII be present, but may only exist in the virtual registry. Li this way, the 
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Pperatmg System Guard 100 of the present kveadon and the Windows Registry form a 
two-stage process for accessing the registry. If an application needs access to a key, it 
will query tlie Registry, llie Operating System Goard will req[>ond with the key and its 
value ifit knows ft. Otherwise, it wiD^aHow the request to pass tiirongh to the \^ 
Registry. If an atten^t is made to modify the value, &e Operating System Gi^ 
allow the modification to oocm: to Itself only. The next time the application accesses the 
key, it will be present in the Op erating System Guard and the request will not flow 
through to the real Registry, leaving it untouched 

' The keys that the Operating System Guard uses are specified in three separate 
sections. These Operating System Guard keys are specified as commands in ^se 
sections to modify an existing key, deletethepresenceofakey, oraddanewkeytotilie 
registry. Ihthisway, the virtual registry can appear exactfy as the system intends. This is 
ixcportant as the presence or absence of a key can be as in^ortant as the actual value of 
the key. 

In the preferred enibodiment, the Operating System Guard first loads a data SLe 
that contains basic registry entries fi)r the Implication. Then a second data file is loaded 
that contains the user's preferences. fmaUy, the Operating System Guard can optionally 
bad a set ofkeys that include policy items that the user is not allowed to overii The 
three files load on top of each other wifh duplicate items in each file overriding it^ns in 
thefileb^oreit The first thne a user runs an appUcation, the second data file will not 
odst because there will be no us^-specific iafi)rmation, only application defiiults. After 
each session, though, the Operating System Guard will save the user's dumges, 
generating that second data file fi)r use in fatore ses^ons. 

Configuration files can be modified in two mys. First, the file can be edited 
directly by an application, hi this scenario, the Operating System Guard Hie subsystem 
described below will address tke modification made to the file. Second, hi the preferred 
embodiment, an application can call the Windows API fiunily of caUs GetProfileStnng, 
WriteProfileString, or others to modify these files. In this case, the Qperatmg System 
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Guard of the present mvendon perfbims exactly as desoibed above mtercepting these 
calls and servichigtiiemfironL within. 

SHARE]) OBJECTS 

Many con^ononts used by operating systems and nmning applications are shared 
across several applications or instances. la general, this is a very good idea. Jit saves disk 
space, not requiring many copies of the same file. It also provides the ahility for 
operating system vendors and third parties to create and distribute libraries of coromonly 
used code. On the Windows platform. Dynamic link libraries, DLLs, are oActl shared 
within and across applications. Qnotherplatfotms, the problem is the same. Qathe 
Macintosh, INITs and other system con^onents are loaded for applications. These 
con^onents can have many versions, of \iv*ich .onfy one is used at a time. QnlJNK 
systemis, dynamic shared objects, e.g., ''.so'^ library files^ are used by applications to 
speed load time, save disk space, and for other reasons. -Many programs use the de&ult 
*1ibc.so." However, this library file is typically a symbolic link to some version of itself 
suchasUbc.so.3. In practice, this feature has created havoc. These shared con:qponents 
have often gone thioo^ revision, whh many versions of the same con^onent available to 
be installed. Application authors have found their software to work ynOi potentially only 
one or some of the versions of the shared con^onent Thus, in practice, applications 
tj^icaOyinstaUtheversionthey desire, overwriting other present verdons. This 
potattially causes de&ults in other applications running on a system. 

On Windows 98, Windows 2000, Microsoft has created the Windows Protected 
File System (WPFS)-to allow system administrators to create a file called 
XXXX.LOCAL m the base directory of an application, vAiGtc XXXX is the executable 
file name without the extensbn. This causes the Windows Loader to alter its method of 
resolving path references during Loadlibrary executions. This, however, is not sofiEicient 
to completely solve the problem. First, setting up the XXXX file is left to the knowledge 
of the system'administrator, which varies widely. Second, a component version must 
undergo a rewind back to the original, then iastall this component in the local directory, 
and then create the "XOCAL" file. This is not a straightforward process for any but the 
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most basic con^oneiits placed ia \VlNDOWS\iSlf STEML Also, this solution does not 
cover all of tlie needed fimctionality. Doling Loadlibraiy, Windows uses different path 
resolution semaotiGs depending on^edier the conqKmentms resolved as a result of an 
es^licit or injplicit LoadLibrary,.and also yAs&iec a Bsgjstty Key exists indicating that it 
is a named, or.weDrkaown, DLL. Ia this case, the LoadLibraiy call will always resolve 
to the WINDO WS\SYS1£M directoiy. 

DLLs and other s3iared components also retain reference connt semantics to 
ensure that a conq)oneiit is not toadied uidess no running appUcations In 
practice, only applications from the operating system vendor and the operating system 
itselfliave done a good job of obeying tiiis protocol 

As a goieralmle, it is desired to have a shared object alwi^ resolve to the 
correct con^on^ To provide this fimctionality it is required to understand the v^ 
of a con^onent, or range ofverdons» that an application is able to fonc^ Then, 
vAteai the application is to be run, the pres^ invention should ensure that the con^onent 
is resolved correctly. It is acc^table, in the present invention, to automate the use of 
WPFS or other operating system provided capability, if desred. Idl this case, it is 
necessaiy to detect needed conponents and place tiiem in the local tile S}'5tenL Thisis 
more cbwplesK tiian just watching installation, as an installation program will often not 
install a coroponent if the required one is aheady tiiere. 

It is desired to identify a method to ensure -that named objects are also loaded 
coxrectiy. On the "Windows platform, MSVCRT.DLL is a significant culprit within tliis 
problem area. If multiple verdbns of this object are maintained, the aforementioned 
Registiy key can be dynamically changed, allowing the Loadlibrary fimction to resohre 
the correct con^onent versionu Another reasonable method of ensormg correct 
conponent loading is the dynamic editing of a process environment to use a valid search 
path. This search path wiU ensure that a local con^onent is resolved before -a system 
wide conq>oneait Another possible method for resolution of the correct s^iared object is 
through the use of symbolic links. A sjonbolic link can be made for a shared conqionent. 
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vMdx is resolved at ntn-time by the conq>i]ter's file ^stem to the needed con^cmeiiL 
Finally, the actual open/read/close requests for infoimatioii from a shared object's £Dle 
can be intercepted by the present invention and legended to ^^micalfy &r the cotrect 
version of the file which may exist on the local system or within the invention' s 
subsystems. 

Several fecial forms exist. On the Windows platform, OLE^ ODBC, MDXc, . . . 
as wen as a nmnber of other vendor specifi.c con^onents, are written to be shared 
globaUy among several or aU running processes. In the case of OLE, going as fir as 
sharnig data and memory space betweeai separate processes. OLE prevents more than 
Qnec(q^ofitselfrimningatatime,asdomanyofthesecon9on^^ OLEalsohas 
many bugs and features requiring a (specific version to be loaded fiir a q>edfic 
application. In the pres^ invention, an ^plication is able to load v^iatever version of 
OLE is required, still enabling tlie shared semantics with other con^onentsnsmg the 
same version of OLE. 

In genera], unless spedfically configured as such, shared objects ^oiild be loaded 
private^ to ensure conflict prevention. Nothing about ftemetho.d used to allow a 
con^onent to be loaded pnvately should prevmt it from being unloaded cleanly or 
correctly loading &r ancdi^ software application, wfaeth^ being actively mmiaged by 
the Opiating System Guard or not. In addition, ifthe system crashes it is required to 
recov^ finom this crash to a dean state, not having overwdttm or modified the 
underlying operathig system. 

HLES 

Many applications nse data files within the application to store configuration 
entries or other application data. The present invention provides a vutual file system 
much like the virtual registry described above. Before the srpplication starts, the present 
invention can load a list of file system changes, including files to hide and files to add to 
the virtual environment or files to redirect to another within the virtual environment. 
Whenever the application accesses or modifies any files, the Operating System Guard 
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checks if the file mast be redkected, and if so, ia the prefbcred embodiment redirects the 
request to a location specified in the Operating System Guard configuration. 



If an appfication tries to create a new file or open an existing file for wiiting on a 
user's local drive, the Operating System Guard must eosocre that the file is actually 
created or modified in the redirected location. If the application is reloaded at a later time^ 
this file mapping most be reloaded into tiie Operating System Guard virtual environment 
When the request is to modify an existing file, which resides on a user^s local drive, the 
Operating System Guard must copy the file in question to the redhection point befi>re 
continuing with the request. The redirected files may not be of the same name as the 
odgjuial file to ensnre safe mapping of file paths. In the preferred entbodunent, INI files 
are handled in this way to oflEer maximum system security wliile dtowing maxhmmi 
application conqpatihility. - 

The present iny^ition is particularly usefiil for applications delivered over a 
netwQxIc Ll such in^lementations it is in^ortant to understand that sofiiware applications 
are made pf several kinds of data, vibj&ce the bulk of the files a software applicatkm uses 
are most preferably mounted on a separate bgjcal drive. Configuration, including both 
file based and registcy based, can be user ^edfic and system wide. The application 
delivery system used should miarkeacA file for vsdd(^ of these ty^ This 
information provides hints to the Operating System Guard system to act on appropriately. 

DEVICE DBBHSRS 

Many applications use device drivers or other operating system level sofi^ss^are to 
inclement some of its functions such as hardware siqiport or low level interactions 
directly witii tiie operating system. In the present invention, tiie Operating System Guard 
win provide the capabilfty of dynamically, and as possible privately, adding and 
removing these conq)oiients to an application's virtual Quvironmentv 

Many device drivers are buitt to be dynamically loadable. If *at all possible, it is 
the preferred embodiment to load all device drivers dynamically. If a device driver 
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requires static load at boot time, the user must be presented vnsb. this kaowledge before 
ruiming the application. Once the system has rebooted, the application should continue 
from where it left off However, a large percentage of device drxveis ate not dynamically 
unload^ble. Althou^ it is pre&rced to ^^namically unload the dxrver, if tliis cannot be 
accomplished the dnver will be marked for removal on the next reboot; and the user 
should be made aware of tills. Ifthe application is nm a second time be&re lite next 
reboot, the system should remain aware of the presence of the driver and not atten^t a 
second installation, waiting for termination to remark the component removable at next 
reboot 

It is impoitantto diaracterize tiie base similarities and diflGbrences, as they exist 
£br eadi device dxiver class, to ensure tiie present invCTtion can corcectfy Itis 
not tnily desired to load and unload device drivers fiir system hardware that is constantly 
present. . It should be understood that althou^ this is not a preferred embodimentin 
tenns of programming ease, it is witidn the scope of the present invention and may be 
required &r ^edfic reasons; such as tbe restriction in UcensDLg ag^ 
applications that are delivered and run using the present invention. 

On non-Microsofl pIatCbrm$, device drivers are typically handled very differei^. 
Mac^btosh systems support both static and dynannc drivers, but tiiey are all Installed and 
r^noved through the same metiiod. linkingwitiitiieMacinto^ system folder will 
provide the necessary support For UNK systems, device drivmrnost typically reqpiire 
a modification to the running UNIX kernel, followed by a rd)oot This process can be 
verycon^lex. In the preferred end}odiment, this process is autoniated; including 
resetting the kernel once the application is conq>lete. The general parameters of the 
process are the same'as that described above for \/^dows applications, the actual process 
steps of compilation and persons ^miliar wiCh such operating systems can carry out 
rd)oot 
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finally, fho se of sldQ m fhe ait vfSL understand tiiat it is desirable to be able to 
recover and remove dxivers across system &3mes. Whatever data or processes necessary 
to retain systemiotegr^ are therefore a preferred embodiment of the piesait invention. 
Those of skill in the art also appreciate that all types of device drivers might not be 
conveniently or efiScientfy provided via the present invention, most particniarfy those 
associated wifli permanent hardware attached devices. 



aiHER ITEMS 

In the presesit invention, it is recognized that there are several conq>onents of the 
invention, the behavior or presence of which is diJBferertt on ahemate operating systems. 
These coroponents include fonts, processes, environment variables, and others. 

Some applications reqiiire fonts to be installed in order to pecfoim. correctly Any 
fonts required will be specified in the Operating System Guard's configuration file. The 
Operating System Guard will enable &ese fonts prior to running the application and if 
necessary remove them afterwards. Most systeios have a common area for storage of 
fonts in addition to a process for registering them or making the system aware of their 
presence, the Operating System Guard will utilize these available methods. 

On Wmdows, a font is copied to the \WINDOWS\FONTS dhectory. This 
however does not guarantee that the font is available to the running program In the 
preferred embodiment, if the program uses the Windows API to access fimts, the font Tvdll 
need to be registered with a Win32 API call such as CreateScalableFontResource/ . 
AddFontResource. This will insert the font into the S5rstem font table. Once concplete, 
the Operating System Guard can remove the font with another appropriate API call like 
RemoveFontResource, then remove the file fiom the system Asanakemate 
embodiment, the Operating System Guard could hook the API fimctions as described in 
the virtual registry method. In addition, the Operating System Guard can use its File 
subsystem to* avoid placing the actual font file in the running system 

On Macintosh, the process is extremely similar and based on files hi the 
Macintosh system folder and registration activation. On UNIX, however, tl!ie process is 
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depeadent upon ike appIicatioiL Most typically, font resources are added to tlie system as 
regular files re&olved in the proper locadoo, so tiiey can be accessed by name. With 
many Motif sfystems^ a fi>nt descc^tion needs to be placed into a font resooice file, vMcli 
TviU allow the font to be resolved. The Motif or X application can invoke tiie finxt either 
through the resohition subsystem or by a direct call Recently, many Motif and CDE 
based systems utilize Adobe scalable postsciqrt fi>nts. These fimts need to managed 
through the Adobe type management system. There are exceptions, bowever, and as 
stated above, there are alternates -to the Windows or other pperating system defiinit font 
management sterns. Ilie Adobe Type Manager provides some alternate interfiices for 
this process, as do other third party type'management systems. In most cases it ^ould be 
decided whether to si^port the inteifiice or ignore it. The purpose of Operating System 
Guard is not to provide a univ^rsallayer fisr alltiiese systems, only to do so for the 
operating system's own subsystem 

Many appUcationsrequke environment variables to be set Tiiis is most common 
. on UNIX ^sterns, but is also beavilyused by software, \\diich was origmally.wdtten on 
UNIX and ported to the Windows operating systems. Applications on the Windows 
operating systems heavily rely on the DOS PATH envirosmeat variable and often set 
their own application ^edfic entries. On the Windows 9x/Me environments, there are 
many environmi^ settings, wfaicli are appli^^ If 
an application requires the presence of specific variables, or vafaies to be set in existing 
. mvironment variables, the required oivironme^ 
Operating System Guard's configuration file. The Operating System Guard ^vill set these 
variables fi>r the ^plication's main process when it is launched. As applications do not 
typically change environment settings as th^ operate the virtual environment will not 
trap these calls, nor will it provide the &I1 conoplement of fimctionalhy that the registry 
and configuration subsystem does. 

RECOVERY 

In some cases shown in the previous sections, actual modifications must be made 
to the operating system This is firequent with device drivers and fi^nts. la addition. 
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changes can be made to fhe virtual environm^ that need to be persisted and available 
the next time an applicatioa is run. It is required that the Opeiatiiig System Guard system 
b e able to recover fiom changes to the system, removing the change from the system at 
its earliest posableopportonity. Alternately, ifthesysternqraslies daring an 
application's execution, the Operating System Guard shoold track enough infibrmation to 
reniove any diange to fhe system if it is rebooted or othenndse, and 
dianges made to tiie virtual environment la tiie preferred embodiment, tiiis is 
inq^lemented as a transaction log, but can in other embodiments be done as some other 
similar con^onent, which can be read on qrstemstartiq? so that changes can be backed 
out 

CX>NTROIXIN6 \lRTUA£iIZAlION 

An in^ortant aspect of the invention relates to control of the many fiicets of 
virtualizationv^^b the Operating System Guard is capable In the preferred 
emboduneot there exists an instrumentation program able to ascertain the correct aspects 
ofa software system to control Also inchided is a method to dlow administrators and 
end users to view and modify those items to be virtualized by tiie system. 

in the automated program, tbe i^licadon to be controlled is observed in order to 
gauge die aspects of control The automated program is capable ofperfinming this task 
during tbe installation process of Ibe application, during run-time of the appficatiGn, or a 
combination of both. In &6 preferred ^uibodimeat, the Operadng System Guard is 
embedded hi a wrapper application. Post installation, or after one or many uses of ibe 
software, the* wrapper application will query the Operating System Guard for a detailed 
list ofall of its actions. From this list of actions, the wrqiper^rplication will create the 
configuration files required to load and operate the Operating System Guard on 
subsequent uses. 

If used as part of the installation process, the Operatinig System Guard, in.the f 
preferred embodiment, will act as a virtual layer allowing the installation to be entered 
into its environment only. After the installation, all of the files, settings, et. aL can be 
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Avtmped for reload later. In this way, the instaHation will leave the odginal system intact 
and will liave automatically created the necessary configuration files. When nsed domg 
nse of tke application, the Operating System Guard is able to record dither diflT^ential 
modifications to the emdronment, or recodifythe cohfigarationfiQies. 

The Operating System Guard win pass its information to tiie wrapper application 
fi>r post-processing. In the preferred embodiment, in addition to.the automatic entnes 
that the system can create, the wrapp^ application is programmed with operating system 
specific and application or domain specific knowledge. This knowledge is nsed to alter 
the output of the process to reflect known uses of configuration items or other entdes. In 
the preferred embodiment, a rule&-based system is enqployed to conq^are obs^ed 
behaviors with known scenarios in order to e£fect dianges to the coding. 

The wrapper application is also used as a viewer and/or editor fi)r the 
configuration output of the process. This editor, in the preferred embodiment, enables a 
system administrator to add, edit, or delete items or groins of items fi:om the 
configuration. In observing the configuration throng the editor, the administrator can 
also make replicas of the configuration, changmg spedfic items as needed to effect 
plication level or ns^ custom changes. 

Refiling now to FIG. 1, an embodiment of the present invention is illustrated 
fimctionally. In this embodiment, two sets of application/user data 60 are illustrated. 
The Operating System Guard 100 keeps the two instances of the q»plication 50 firom 
interfering with one ano&er. In addition, as explained above, the operating system guard 
100 serves as an abstraction layer and as such collects commands and communications 
between tiie application software 50 and the actual operating system 10 of the c&ent 
con^Ttter. As illustrated graphically by the arrows, certain commands are between the 
Operating System Guard and the software application, this is in distinction,^ to typical 
installations where these conomands would instead be acted upon by the operating system 
itself resulting in changes to the client con:9Uter that might not necessarily be "i^at the 
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operator intended. On tbe other hand, other conmiands pass through the Operatmg 
System Guard and are then transferred to the Operatmg System itselC 

While this invention has been particularly shown and desoibed Tvith re&resices to 
preferred embodiments Ihereoi^ it \vill be understood by those skilled in the art that 
various changes in form and details may be noade therein without departing fiomthe 
scope of the invention encon^assed by the upended claims. 
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What is daimed is: 

1. A system for creating an application software eiiviraimieiit withoat cltanging aa 
operating system of a cliCTt con^uter, the system con^nsing an operating system 
abaction and protection layer, wherein said abstraction and protection layer is 
inteiposed between a rumiing software application and said operating system, wbereby a 
virtaal environment in wMch an application may run is provided and application level 
interactions are substantially removed. 

2. The system ofclaiml,vs^erein changes direcdy to the operatmg system are 
selectively made ivithin the context of the rumiing application. * 

3; The system of daim 2, v^etein tiie abstraction and protection layer dynamically 
changes the virtual environm^ according to admioistrative settmgs. 

4. The system of claim 1, wherein the system continually monitors the use of shared 
system resom'ces and acts as a service to apply and remove chjanges to system 
con^onents. 

5. The system of claim 1, vvdierein the qperatiag system is a Windows-based operating 
system, and wherein all operations to the Windows Registry and .ini files are throng the 
Win32 API, the system finther ton^iismg a means for hooldng fimctions^ \^ereby each 
time said jBmctions are invoked another fimction or application intercq>ts the call 

6. The system of claim 5, wherein the system hooks each appropriate API fimction to 
service arequest whether made by an application run ftom a server or if made by an 

' applicatic^ against a configuration key bdng actively managed 

7. The system of claim 1, vs^ereia said operating system abstraction and protection layer 
manages the integration of mnltiple instances of an application by recognizing how many 
instances of an application are running. 
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8. The system of cldm 7, in^erein said openttmg system abstraction and protection layer 
avoids makmg changes on startiq) and dmtdown unless there is onfy one application 
instance running. 

9. Hie system of claim 1, ^erem said operating system abstraction and protection layer 
presents an environment to an application that appears to be an installatibn enviropmient 
without performmg an imstallation, wbereby a '^seudo installation'* is created in which 
aU of the settings are brought into a virtual environment at the time the application runs. 

10. The system ofdaim 9, farther conqinsmg a means for prevent 

client conq^uter fioin interfering or modiifyhig the behavior of an application. 

11. The system ofclaim 9, fbrlberconipiidng a means for dynamical 
virtual mvironment according to administrative settinga 

12. The system of claim 9, T^iberein more than one instance of a dngle software 
applicatioix runs on the same client computer, a^id wherein each of said niore than one 
instance connects io a di£Eerent database 

13. The system ofclaiml2»\>AerdndLared,controned contexts are provi^^ 
least two of said instancy of a siogfle application share one or more virtual setting. 

14. The system of claim 1, fiirther con^rising a device driver monitor that receives 
instructions at the time of installation for a particular plication. 

15. Tbe system of claim 1, fiother con^ristng a virtual Windows Registry con^onent to 
provide a foil function re^stzy to an application, but prevent modification to the 
unrlerlying system re^stiy. 
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16. The system of claim 1, herein tbe operating system absttaction and protection layer 
responds vnOx a key and its valae if said key and value are stored mliun the operating 
system abstraction and protection layes^ if not stored, the operating system abstraction 
and protection layer allows the request to p ass throu^^ to the Windows Registry. 

17. Thes]rstemofcIaxml6,^(dijaesnifanatten^ismadetomo 

key, tiie operating system abstraction and protection lay^ allows the modification to 
occmr to itself only. 
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